VPC by Cloud MadeEasy

https://www.youtube.com/channel/UCKki-pKxPuqLYyHynealjtw
1. Amazon Virtual Private Cloud (region scoped)
2. VPC = Subnet, Route table, IG, NACL, SG, NAT and EC2
3. Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
4. The VPC IP range should not overlap with your network
5. IG: provides internet access to the resources inside the VPC
6. One VPC -> one IG
7. NAT: a Network Address Translator lets resources in a private subnet connect to the internet
8. NAT must be in a public subnet
9. NAT Gateway: managed by AWS
10. Billed per hour
11. SG (stateful): allow rules only, no deny rules
12. Nothing accepted by default
13. For an SG, if traffic is allowed by an inbound rule, the return traffic is automatically allowed outbound
14. NACL (stateless): works at the subnet level; can be used to block an IP address
15. NACL -> all accepted by default
16. VPC Peering: should be in the same CIDR range
17. VPC peering is possible cross-region and cross-account
18. VPC Endpoint: an endpoint lets AWS resources connect privately, e.g. EC2 -> DynamoDB, S3
19. VPC Flow Log: can track the IP and subnet; stored in S3 (Athena for analysis)
20. Bastion Host: an EC2 instance in a public subnet that you can SSH into and then connect to other EC2 instances in public or private subnets
21. Site-to-Site VPN: By default, instances that you launch into an Amazon VPC can't communicate with your own (remote) network. You can enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and configuring routing to pass traffic through the connection.
22. Direct Connect: a direct connection from an on-prem network to AWS resources (1-10 Gbps)
23. Egress Only IG: IPv6
24. AWS PrivateLink:
25. Transit Gateway: supports multicast IP and complex VPC hub topologies
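To make the stateful/stateless difference in notes 11-15 concrete (it is also the point question 4 below turns on), here is an added Python model that is not part of the Cloud MadeEasy notes: a database security group with only an inbound MySQL rule, beside a subnet NACL with the same inbound rule, both evaluated against a web-to-database request and the database's reply. The addresses, ports and rule numbers are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    number: int            # NACL evaluation order, lowest first; unused for SGs
    ports: tuple           # inclusive (low, high) destination-port range
    cidr: str              # remote address range
    action: str = "allow"  # NACLs may also "deny"; SGs are allow-only

def matches(r, port, addr):
    return r.ports[0] <= port <= r.ports[1] and ip_address(addr) in ip_network(r.cidr)

class SecurityGroup:
    """Stateful, instance level: allow rules only, nothing accepted by default."""
    def __init__(self, inbound, outbound=()):
        self.inbound, self.outbound, self.flows = list(inbound), list(outbound), set()
    def inbound_ok(self, src, dport):
        ok = any(matches(r, dport, src) for r in self.inbound)
        if ok:
            self.flows.add((src, dport))  # tracked flow: its reply needs no outbound rule
        return ok
    def outbound_ok(self, dst, dport, sport):
        return (dst, sport) in self.flows or any(matches(r, dport, dst) for r in self.outbound)

class NetworkAcl:
    """Stateless, subnet level: lowest-numbered match wins (allow or deny), per direction."""
    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)
    @staticmethod
    def evaluate(rules, addr, port):
        for r in rules:
            if matches(r, port, addr):
                return r.action == "allow"
        return False  # no match: the implicit final "*" rule denies

WEB, DB_PORT, EPHEMERAL = "10.0.1.10", 3306, 40000  # constructed sample values

def mysql_session_ok(sg, nacl):
    # Web->DB request on 3306, then the DB's reply to the web server's ephemeral port
    request = sg.inbound_ok(WEB, DB_PORT), nacl.evaluate(nacl.inbound, WEB, DB_PORT)
    reply = sg.outbound_ok(WEB, EPHEMERAL, DB_PORT), nacl.evaluate(nacl.outbound, WEB, EPHEMERAL)
    return {"sg": request[0] and reply[0], "nacl": request[1] and reply[1]}

db_sg = SecurityGroup(inbound=[Rule(0, (3306, 3306), "10.0.1.0/24")])  # no outbound rules
nacl_missing_ephemeral = NetworkAcl([Rule(100, (3306, 3306), "10.0.1.0/24")], [])
nacl_fixed = NetworkAcl([Rule(100, (3306, 3306), "10.0.1.0/24")],
                        [Rule(100, (1024, 65535), "10.0.1.0/24")])  # allow return traffic
```

The same `evaluate` path with an `action="deny"` rule is how a NACL blocks a single source address (note 14), which an SG has no way to express.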

VPC Question Answer


1. You need to host a set of web servers and database servers in an AWS VPC. Which of the
following is a best practice in designing a multi-tier infrastructure?
A. Use a public subnet for the web tier and a public subnet for the database layer.
B. Use a public subnet for the web tier and a private subnet for the database layer.
C. Use a private subnet for the web tier and a private subnet for the database layer.
D. Use a private subnet for the web tier and a public subnet for the database layer.

2. An IT company has a set of EC2 Instances hosted in a VPC. They are hosted in a private subnet.
These instances now need to access resources stored in an S3 bucket. The traffic should not
traverse the internet. The addition of which of the following would help fulfil this requirement?
A. VPC Endpoint
B. NAT Instance
C. NAT Gateway
D. Internet Gateway

3. An application consists of the following architecture:
a. EC2 Instances are in multiple AZ’s behind an ELB.
b. The EC2 Instances are launched via an Auto Scaling Group.
c. There is a NAT instance used so that instances can download updates from the internet.
Due to the high bandwidth being consumed by the NAT instance, it has been decided to use a
NAT Gateway. How should this be implemented?
A. Use NAT Instances along with the NAT Gateway.
B. Host the NAT instance in the private subnet.
C. Migrate the NAT Instance to NAT Gateway and host the NAT Gateway in the public subnet.
4. You are planning on hosting a web and MySQL database application in an AWS VPC. The
database should only be accessible by the web server. Which of the following would you change
to fulfill this requirement?
A. Network Access Control Lists
B. AWS RDS Parameter Groups
C. Route Tables
D. Security groups
5. Your IT Security department has mandated that all traffic flowing in and out of EC2 instances
needs to be monitored. Which of the below services can help achieve this?
A. Trusted Advisor
B. VPC Flow Logs
C. Use CloudWatch metrics
D. Use CloudTrail